1. Field of the Invention
The present invention relates to an IC, an electronic device, a method for debugging the IC, a method for debugging the electronic device, and a debugger, each having a security function for preventing unauthorized acquisition of the behavior of an internal circuit of the IC.
2. Description of the Related Arts
In every field, such as electronic commerce, devices with higher security are in demand. For this reason, various methods for preventing reverse engineering of a device have been devised. Despite these efforts, however, a reverse-engineered ROM or the like is still prepared, and uses of the device that its developer does not intend have not been eliminated. A system in which a third party is incapable of reverse engineering the operation of the device itself is therefore demanded.
FIG. 9 is an explanatory diagram of the prior art. As shown in FIG. 9, an LSI 110 is provided with a CPU 200, a peripheral circuit 300, and a bus 600 connecting them. In this LSI 110, the CPU 200 acquires data or programs from the peripheral circuit 300, processes the data, and outputs the results to the peripheral circuit 300.
When a device is developed using this LSI 110, the processing behavior of the CPU 200 is monitored directly in order to verify the programs and the like. Verification by monitoring the output data of the peripheral circuit 300 is also performed, but the behavior of the CPU 200 leading up to the output cannot be determined from the output data.
For this reason, the CPU 200 is provided with a debug I/F (interface) circuit 400 via another bus 500. A debug controller 100 external to the LSI 110 is connected to the debug I/F circuit 400; it supplies a clock CLK, inputs a signal SIN, and obtains an output SOUT.
This debug I/F circuit 400 is used to acquire the behavior of the CPU 200 (the contents of a program counter, a register, or the like) when the device is being developed. After the device has been shipped to the field, the debug I/F circuit 400 is used in the same way when a fault occurs and when the device is diagnosed.
As described above, the prior art provides no security function against access through the debug I/F circuit 400.
In a conventional device that does not require security, the debug I/F terminal is visible from outside whether or not it is in use, and is entirely defenseless against exploitation by a third party. Consequently, for a device shipped to the field, a third party can use the debug I/F terminal to reverse engineer the behavior of the central processing unit (CPU) accurately and easily, so a high level of security is needed.
However, when a conventional device uses a CPU provided with the debug I/F function, the third party is given a clue for analysis. For example, in a POS register using a CPU with the debug I/F function, connecting a debug unit for the debug I/F to a personal computer or the like allows even data such as a password or a cryptographic key to be readily searched out.